This is mainly a note to myself about two patches, just in case I ever decide to use OpenSSH for networking, in addition to remote administration.

First is the cipher-none patch, which adds none as a valid argument to the -c command-line option. When it is used, the transferred data is not encrypted. Pros: eliminates the data encryption overhead. Cons: totally insecure method of transferring sensitive data.

Note: the OpenSSH server, even if it has been patched with this code, does not accept unencrypted connections by default. This has to be enabled explicitly in the sshd configuration (sshd_config) by adding the none “cipher” to the list of the accepted ciphers:

Second is a set of patches, created at the Pittsburgh Supercomputing Center, which eliminate the bottlenecks caused by some of the internal buffers that control data flow in network connections through OpenSSH. This project is called High Performance SSH/SCP (aka HPN-SSH). Benchmarks show that even encrypted network connections using HPN-SSH perform extraordinarily better than the usual encrypted OpenSSH connections.

OK, this info exists here for completeness, as those HPN-SSH patches have not been designed for home networks! It might make no difference whether you use the regular OpenSSH or HPN-SSH in your home LAN.

Note: the HPN-SSH patches also contain code that adds the none cipher, similar to the cipher-none patch, so if you intend to use HPN-SSH, you do not need to apply both to the OpenSSH source.
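
Because either patch set lets a server accept unencrypted sessions once none is listed among the accepted ciphers, it is worth being able to check a configuration for it. The following is an added example, not code from the original post or from either patch set: it assumes the setting appears in a Ciphers directive in sshd_config, uses a constructed sample configuration, and does not follow Include files.

```python
"""Audit sshd_config text for the "none" cipher (added example)."""

# Constructed sample input. The second Ciphers line has no effect:
# sshd uses the first value obtained for each keyword.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
Ciphers aes256-ctr,aes128-ctr,none
Ciphers aes256-ctr
"""


def ciphers_directives(config_text):
    """Yield (line_number, value) for each Ciphers directive."""
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; keyword and value are separated
        # by whitespace or a single "=".
        parts = line.replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == "ciphers":
            yield number, parts[1]


def audit_none_cipher(config_text):
    """Return (enabled, line_number, value) for the effective directive.

    Assumption: with no Ciphers directive the server default applies,
    which per the post does not include "none".
    """
    for number, value in ciphers_directives(config_text):
        if value.startswith("-"):
            # A "-list" value removes entries from the default set.
            return False, number, value
        # "+list" appends to the defaults, "^list" moves to the front.
        names = value.lstrip("+^").split(",")
        return "none" in names, number, value
    return False, None, None


if __name__ == "__main__":
    enabled, number, value = audit_none_cipher(SAMPLE_CONFIG)
    if enabled:
        print(f"line {number}: unencrypted sessions allowed ({value})")
    else:
        print("none cipher not enabled")
```
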

Finally, apart from all these, if you ever decide to use SSH for networking, seriously consider using SSHfs (see also SSHfsFAQ).

About George Notaras

George Notaras is the editor of the G-Loaded Journal, a technical blog about Free and Open-Source Software. George, among other things, is an enthusiast self-taught GNU/Linux system administrator. He has created this web site to share the IT knowledge and experience he has gained over the years with other people. George primarily uses CentOS and Fedora. He has also developed some open-source software projects in his spare time.

@Mihai: Apart from encryption, it also provides a comfortable interface to administer remote machines either using command-line applications or graphical ones or effortlessly transfer files. SSH is definitely not useless without encryption. All that is mandatory is a 100% trusted environment.

@Atmatzidis: Although I am not an expert to benchmark all those protocols, I don’t think they are faster than an encryption-free SSH connection for the reason that SSH is a much simpler protocol implementation than SAMBA, NFS, HTTP and possibly FTP. Even if it is not faster than the aforementioned protocols, it cannot be that slow. The truth is I haven’t used SSH in such a way yet, but I plan to do so in the near future. Then, I will be able to write a few things accompanied by actual tests.

@Mihai. openssh provides many features in addition to encryption (like [X] forwarding etc.), and hence many more things are built on top of the interface it provides. Therefore being able to use these things on a local LAN for example without the overhead of encryption is incredibly useful.

@George. I think much of the HPN-SSH patches were bug/design fixes and they’ve mostly been rolled into the official tree in different forms (though it took years for them to do it).
I also found the simple patch to provide chroot access to a user very useful.

@Pádraig: Most probably you are right about the patches being included in openssh. I didn’t do any research before writing the above notes… Also, regarding the patch that adds the ability to the server to chroot users, do you refer to the http://chrootssh.sourceforge.net project or is there another patch?
